EOSIO SDK for Java: Softkey Signature Provider

Softkey Signature Provider is an example pluggable signature provider for EOSIO SDK for Java. It allows for signing transactions using in-memory SECP256K1 and SECP256R1 keys.

Important: Softkey Signature Provider stores keys in memory and is therefore not secure. It should only be used for development purposes. In production, we strongly recommend using a signature provider that interfaces with a KeyStore, authenticator or wallet.

All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Contents

• Updates
• About Signature Providers
• Prerequisites
• Installation
• Basic Usage
• Android Example App
• Library Methods
• Want to Help?
• License & Legal

Updates

• Version 1.0.0. This version consumes the new eosio-java library version 1.0.0.
• Version 0.1.3. The version consumes the new eosio-java library version 0.1.2.
• Version 0.1.2. The version includes updates on Mockito and Powermock dependencies to prevent the build error "Failed to transform...using Jetifier." that is occurring with new versions of AndroidX.

About Signature Providers

The Signature Provider abstraction is arguably the most useful of all of the EOSIO SDK for Java providers. It is responsible for:

• finding out what keys are available for signing (getAvailableKeys), and
• requesting and obtaining transaction signatures with a subset of the available keys (signTransaction).

By simply switching out the signature provider on a transaction, signature requests can be routed any number of ways. Need a signature from keys in the platform's Keychain or KeyStore? Configure the TransactionSession with a conforming signature provider that exposes that functionality. Need signatures from a wallet on the user's device? A signature provider can do that too!

All signature providers must conform to the ISignatureProvider Protocol.

Prerequisites

• Java JDK 1.8+ (1.7 source compatibility is targeted)
• Gradle 4.10.1+

Since EOSIO SDK for Java: Softkey Signature Provider is not an Android specific project, we recommend using IntelliJ if you are going to work on it. You can use Android Studio but be aware that some of the menu options under Build like Rebuild Project and Clean Project will not work correctly. You may still compile within Android Studio using Make Project under the Build menu, or by using Gradle from the command line.

Installation

This provider is intended to be used in conjunction with EOSIO SDK for Java as a provider plugin.

To use Softkey Signature Provider with EOSIO SDK for Java in your app, add the following modules to your build.gradle:

implementation 'one.block:eosiojava:1.0.0'
implementation 'one.block:eosiojavasoftkeysignatureprovider:1.0.0'

If you are using Softkey Signature Provider, or any library that depends on it, in an Android application you must also add the following to your application's build.gradle file in the android section:

// Needed to get bitcoin-j to produce a valid apk for android.
packagingOptions {
    exclude 'lib/x86_64/darwin/libscrypt.dylib'
    exclude 'lib/x86_64/freebsd/libscrypt.so'
    exclude 'lib/x86_64/linux/libscrypt.so'
}

The build.gradle files for the project currently include configurations for publishing the project to Artifactory. These should be removed if you are not planning to use Artifactory or you will encounter build errors. To do so, make the changes marked by comments throughout the files.

Then refresh your gradle project. Then you're all set for the Basic Usage example!

Basic Usage

Generally, signature providers are called by the TransactionProcessor during signing. (See an example here.) If you find, however, that you need to get available keys or request signing directly, this library can be invoked as follows:

SoftKeySignatureProviderImpl provider = new SoftKeySignatureProviderImpl();
try {
    List<String> availableKeys = provider.getAvailableKeys();
} catch (GetAvailableKeysError getAvailableKeysError) {
    getAvailableKeysError.printStackTrace();
}

And to import a private key:

try {
  provider.importKey("Your eos format private key in SECP256K1 or SECP256R1 type");
} catch (ImportKeyError importKeyError) {
  importKeyError.printStackTrace();
}

To sign an EosioTransactionSignatureRequest, you should first create it with your serialized transaction and list of public keys. EOSIO SDK for Java handles the creation of the object for you.

Finally, call signTransaction to sign.

try {
  String serializedTransaction = "Your serialized transaction";
  List<String> publicKeys = Arrays.asList("Your eos format public key in SECP256K1 or SECP256R1 type");
  EosioTransactionSignatureRequest request = new EosioTransactionSignatureRequest(serializedTransaction, publicKeys, chainId, null, false);
  EosioTransactionSignatureResponse response = provider.signTransaction(request);
} catch (SignTransactionError signTransactionError) {
  signTransactionError.printStackTrace();
}

Android Example App

If you'd like to see EOSIO SDK for Java: Softkey Signature Provider in action, check out our open source Android Example App--a working application that fetches an account's token balance and pushes a transfer action.

Library Methods

This library is an example implementation of ISignatureProvider. It implements the following protocol methods:

• signTransaction(EosioTransactionSignatureRequest eosioTransactionSignatureRequest) signs a Transaction
• getAvailableKeys() returns an array containing the public keys associated with the private keys that the object is initialized with

Import a key by calling:

• importKey(String privateKey)

Want to help?

Interested in contributing? That's awesome! Here are some Contribution Guidelines and the Code of Conduct.

License

MIT

Important

See LICENSE for copyright and license terms. Block.one makes its contribution on a voluntary basis as a member of the EOSIO community and is not responsible for ensuring the overall performance of the software or any related applications. We make no representation, warranty, guarantee or undertaking in respect of the software or any related documentation, whether expressed or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall we be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or documentation or the use or other dealings in the software or documentation. Any test results or performance figures are indicative and will not reflect performance under all conditions. Any reference to any third party or third-party product, service or other resource is not an endorsement or recommendation by Block.one. We are not responsible, and disclaim any and all responsibility and liability, for your use of or reliance on any of these resources. Third-party resources may be updated, changed or terminated at any time, so the information here may be out of date or inaccurate. Any person using or offering this software in connection with providing software, goods or services to third parties shall advise such third parties of these license terms, disclaimers and exclusions of liability. Block.one, EOSIO, EOSIO Labs, EOS, the heptahedron and associated logos are trademarks of Block.one.

Wallets and related components are complex software that require the highest levels of security. If incorrectly built or used, they may compromise users’ private keys and digital assets. Wallet applications and related components should undergo thorough security evaluations before being used. Only experienced developers should work with this software.